← volver
CVE-2025-6185

Leviton AcquiSuite and Energy Monitoring Hub Cross-site Scripting

CVSS 8.7 HIGHEPSS 0.3%CWE-79
Leviton AcquiSuite and Energy Monitoring Hub are susceptible to a cross-site scripting vulnerability, allowing an attacker to craft a malicious payload in URL parameters, which would execute in a client browser when accessed by a user, steal session tokens, and control the service.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Productos afectados
Leviton · AcquiSuiteLeviton · Energy Monitoring Hub

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://leviton.com/support/resources/product-supporthttps://www.cisa.gov/news-events/ics-advisories/icsa-25-198-01